System and Method for Instant Issue of Personalized Financial Transaction Cards

ABSTRACT

In a method for instantly issuing a personalized financial transaction card to a customer a bank employee receives customer information and card information from the customer at a branch location. The card information may include a card personal identification number (PIN) selected by the customer. The operator inputs the customer information and at least some the card information into a data processing terminal at the branch. The customer information and the card information are communicated from the branch across a network to a card services provider. At the card services provider, the PIN is entered into a PIN database and a reference number associated with the customer and a PIN offset is generated. The reference number and at least some of the customer data and card data may be stored in a card file associated with the customer. The reference number is used to retrieve the PIN from the PIN database. The retrieved PIN is then used to apply calculations to the card file. The card file is securely sent from the card services provider across the network to the branch location. Using information from the card file, the financial transaction card is printed for the customer at the branch location. In a preferred embodiment, the personalized card is instantly issued while the customer is present at the branch location.

A portion of the disclosure of this patent document contains materialthat is subject to copyright protection. The copyright owner has noobjection to the reproduction of the patent document or the patentdisclosure, as it appears in the U.S. Patent and Trademark Office patentfile or records, but otherwise reserves all copyright rights whatsoever.

CROSS-REFERENCES TO RELATED APPLICATIONS

This application claims priority to U.S. Provisional Application No.61/365,673, filed Jul. 19, 2010, which is incorporated herein in itsentirety.

BACKGROUND OF THE INVENTION

The present invention relates to methods and systems for creating,issuing and printing financial transaction cards, such as credit cardsissued to consumers by financial institutions.

More specifically, the present invention pertains to methods and systemsthat allow a bank or other financial institution to instantly andsecurely issue a personalized credit card to a consumer at a branch orother remote location.

Many new customer accounts opened by banks include one or more debit orcredit cards associated with the account. New customer accounts aretypically opened at branch locations whereas new cards are often issuedby a centralized card services provider that is not physically near thebank branch. Accordingly, the customer must supply card information to abank employee at the branch. The customer may or may not have anopportunity to select a personalized PIN at that time. This card data isthen communicated, perhaps in a batch mode with other card data, to acard services provider.

The card services provider fulfills the card request by printing andencoding the card, then mailing it to the branch or to the customer. Thecustomer must then activate the card. This process involves delay andexpense that is undesirable and may introduce unnecessary securityrisks.

What is needed, then, is a low cost, secure, simple and easy to installsystem and method for providing instant issue of personalized financialtransaction cards in a bank branch. This needed system and method shouldinterface with the new accounts platform/host used by the bank and meetall of the security requirements imposed by the major credit and debitcard issuers and transaction processors.

BRIEF SUMMARY OF THE INVENTION

In one embodiment, the present invention is a method for issuing apersonalized financial transaction card from a financial institution toa customer in response to a customer request made from a branch locationassociated with the financial institution. A bank employee or operatorreceives customer information and card information from the customer atthe branch location. The card information may include a card personalidentification number (PIN). The operator inputs the customerinformation and at least some the card information into a dataprocessing terminal at the branch.

The customer information and the card information are communicated fromthe branch across a network to a card services provider. At the cardservices provider, the PIN is entered into a PIN database, a referencenumber associated with the customer is generated, and a PIN offset isgenerated. The reference number and at least some of the customer dataand card data may be stored in a card file associated with the customer.The reference number is used to retrieve the PIN from the PIN database.The retrieved PIN is then used to apply calculations to the card file.

The card file is securely sent from the card services provider acrossthe network to the branch location. Using information from the cardfile, the financial transaction card is printed for the customer at thebranch location. In a preferred embodiment, the personalized card isinstantly issued while the customer is present at the branch location.

In another embodiment, a verification message may be sent to thefinancial institution and to a card transaction processor when thefinancial transaction card has been successfully printed. Also, an errormessage may be sent to the branch location and to a card transactionprocessor when the financial transaction card does not successfullyprint.

In a further embodiment of the method, the step of securely sending thecard file to the branch location may include distributing a virtualdesktop from a server at the card services provider across the networkto a virtual desktop client at the branch location.

In some embodiments, the card file may be stored at the branch locationand the step of storing the reference number and at least some of thecustomer data further may include updating the card file with thereference number at the branch location.

In yet another embodiment of the invention, after the card file at thebranch location is updated with the reference number, the method mayinclude sending a card issue request from the branch location andreceiving it in a hardware security module (HSM) at the card servicesprovider. In this embodiment, in response to receiving the card issuerequest, the HSM may retrieve the PIN from the PIN database and applythe reference number to the calculations in the card file.

Thus, the system and method of the present invention will minimizeupfront costs incurred by financial institution banks for hardware,software, licensing and maintenance fees. It will provide a secureprocess for customer selected PINs and rely upon secure web serviceapplications to transmit card personalization data to drive the remotecard printers.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

FIG. 1( a) is a block diagram showing an arrangement of hardware andsoftware modules in accordance with one embodiment of the system of thepresent invention, further showing system communications from a bankbranch desktop PC that communicates an instant card issue request to thesystem web service.

FIG. 1( b) is a block diagram of the system of FIG. 1( a), furthershowing system communications between the system web service and thecard services provider web service after initiation of the instant issuerequest as shown in FIG. 1( a).

FIG. 1( c) is a block diagram of the system of FIG. 1( a), furthershowing system communications between the card services provider webservice and the card services provider application server afterinitiation of the instant issue request as shown in FIGS. 1( a) and1(b).

FIG. 1( d) is a block diagram of the system of FIG. 1( a), furthershowing the card services provider application server placing data intoa card services provider database server after initiation of the instantissue request as shown in FIGS. 1( a)-1(c).

FIG. 1( e) is a block diagram of the system of FIG. 1( a), furthershowing the card services provider application server retrieving aPIN/offset calculation from the card services provider hardware securitymodule after initiation of the instant issue request as shown in FIGS.1( a)-1(d).

FIG. 1( f) is a block diagram of the system of FIG. 1( a), furthershowing the card services provider application server communicating acard print job to the card services provider print server afterinitiation of the instant issue request as shown in FIGS. 1( a)-1(e).

FIG. 1( g) is a block diagram of the system of FIG. 1( a), furthershowing the card services provider print server securely communicating acard print job to a printer at the bank branch, after initiation of theinstant issue request as shown in FIGS. 1( a)-1(f).

FIG. 1( h) is a block diagram of the system of FIG. 1( a), furthershowing the printer at the bank branch communicating a card print jobsuccess or failure message back to the card services provider printserver, after initiation of the instant issue request as shown in FIGS.1( a)-1(g).

FIG. 1( i) is a block diagram of the system of FIG. 1( a), furthershowing the card services provider print server communicating a cardprint job success or failure message back to the card services providerapplication server, after initiation of the instant issue request asshown in FIGS. 1( a)-1(h).

FIG. 1( j) is a block diagram of the system of FIG. 1( a), furthershowing the card services provider application server posting card printsuccess or failure information to the system web service, afterinitiation of the instant issue request as shown in FIGS. 1( a)-1(i).

FIG. 1( k) is a block diagram of the system of FIG. 1( a), furthershowing the system web service communicating card print success orfailure information to the bank branch desktop PC, after initiation ofthe instant issue request as shown in FIGS. 1( a)-1(j).

FIG. 2 is a flow chart illustrating a method for instant issue of apersonalized credit card at a bank branch, in accordance with oneembodiment of the present invention.

FIG. 3 a is a block diagram showing an arrangement of hardware andsoftware modules in accordance with another embodiment of the system ofthe present invention.

FIG. 3 b is a block diagram of the embodiment of the system of FIG. 3 a,further showing a site-to-site VPN tunnel being established between thesystem web service and the card services provider web service.

FIG. 3 c is a block diagram of the system of FIG. 3 a, further showing adynamic site-to-site VPN tunnel created between the printer and printerappliance and the print DMZ network.

FIG. 3 d is a block diagram of the system of FIG. 3 a, further showing apersistent connection between the print server to the applicationserver.

FIG. 3 e is a block diagram of the system of FIG. 3 a, further showingthe bank branch issuing a card instant issue request to the system webservice.

FIG. 3 f is a block diagram of the system of FIG. 3 a, further showingthe system web service sending an HTTP POST request to the web serviceDMZ network.

FIG. 3 g is a block diagram of the system of FIG. 3 a, further showingthe HTTP POST being proxied to the PCI-compliant card services providerapplication server and the HTTP status being returned to the webservice.

FIG. 3 h is a block diagram of the system of FIG. 3 a, further showingthe PCI-compliant application server 50 a requesting a card CVV KeyCryptogram from application server 50 b.

FIG. 3 i is a block diagram of the system of FIG. 3 a, further showingthe application server proxying the card print request to the cardservices provider database and returning the results to the applicationserver.

FIG. 3 j is a block diagram of the system of FIG. 3 a, further showingthe application server communicating to the hardware security module,submitting the CVV Key Cryptogram(s) and card personalization data, andretrieving CV1 and CV2 values.

FIG. 3 k is a block diagram of the system of FIG. 3 a, further showingthe PCI-compliant application server 50 a contacting the applicationserver 50 b and requesting card image calculation information.

FIG. 3 l is a block diagram of the system of FIG. 3 a, further showingthe application server retrieving the card image calculation informationfrom the database and returning the results.

FIG. 3 m is a block diagram of the system of FIG. 3 a, further showingthe application server 50 a connecting to the application server 50 band requesting the card image data.

FIG. 3 n is a block diagram of the system of FIG. 3 a, further showingthe application server 50 b retrieving the card image data from the fileserver and transmitting it back over the HTTP request.

FIG. 3 o is a block diagram of the system of FIG. 3 a, further showingthe application server 50 a connecting to the application server 50 b toretrieve card magnetic stripe calculation data.

FIG. 3 p is a block diagram of the system of FIG. 3 a, further showingthe application server 50 b retrieving the magnetic stripe calculationdata from the database and returning the results to the applicationserver 50 a over the HTTP response.

FIG. 3 q is a block diagram of the system of FIG. 3 a, further showingthe application server 50 a communicating the card print job on a printjob message bus.

FIG. 3 r is a block diagram of the system of FIG. 3 a, further showing aconnection broker assigning the print job to a worker thread on theprint server.

FIG. 3 s is a block diagram of the system of FIG. 3 a, further showingthe print server sending the print job to the printer through thedynamic site-to-site VPN tunnel.

FIG. 3 t is a block diagram of the system of FIG. 3 a, further showingthe printer attempting to print the card and sending a card printresponse message (success/failure/user intervention required) back tothe print server.

FIG. 3 u is a block diagram of the system of FIG. 3 a, further showingthe worker thread placing the print result on the message bus.

FIG. 3 v is a block diagram of the system of FIG. 3 a, further showingthe application server sending the print result to the web service DMZnetwork via HTTP POST.

FIG. 3 w is a block diagram of the system of FIG. 3 a, further showingthe proxy server in the card services provider web service relaying thecard print result to the system web service.

FIG. 3 x is a block diagram of the system of FIG. 3 a, further showingthe system web service relaying the card print result to the requestingbank branch.

DETAILED DESCRIPTION OF THE INVENTION

Referring now to FIGS. 1( a)-(k), an arrangement of hardware andsoftware elements, components, and modules used in one embodiment of thesystem 10 of the present invention is shown. In this embodiment, a bankprovides retail banking services to customers through one or more bankbranches 15 a-15 c. The branches 15 run data processing systemsconnected to each other and to a bank central office by a wide areanetwork (WLAN) or system web service 20 and a public data network 5,such as the public Internet.

Conventionally, the bank and its branches 15 are authorized to issuefinancial transaction cards, such as debit or credit cards, which areassociated with a branded card transaction processor such as Visa® orMasterCard®. These transaction processors operate and control a globalfinancial network of electronically interconnected card issuers,acquirers, merchants, and data processing centers.

The bank may contract with a card services provider to provide servicesassociated with the issuance of a new credit or debit card to a bankcustomer. In the embodiment of FIG. 1( a), the card services providerwill operate hardware and software networks 35 that can receive andprocess requests for new cards sent by a bank branch 15. The cardservice provider networks may include an instant issue web service DMZnetwork 55, an instant issue server network 36, an instant issuepersonalization network 45, and an instant issue print DMZ network 60.

The instant issue server network 36 may include an active directory ordomain controller 37, an application server 50, and a database server41. Accordingly, the card services provider will maintain a PIN(Personal Identification Number) database 40 connected to the databaseserver 41 that can securely store PINs selected by bank customers when anew card is issued.

As part of the instant issue personalization network 45, the cardservices provider may also operate a hardware-host security module (HSM)47 to provide a secure environment for card data encryption, PINcalculations, sensitive cryptographic operations, secure key storage,and management of a large number of secure keys, as is known to a personof skill in the art. A hardware-host security module, as known to thoseof skill in the art, is a combination of hardware and software/firmwarethat is functionally connected to a PC or server to providecryptographic functions. The HSM 47 may include a user interface andprogrammable interface. The physical part of an HSM, which may be aplug-in card or external device such as a physical Windows Server, mayinclude tamper-resistant features.

Preferably, the functional interface between the card services providernetworks 35, the public network 5, and the system web service 20 mayinclude a web service “demilitarized zone” (DMZ) network 55. Ademilitarized zone, sometimes referred to as a Perimeter Network, is aphysical or logical sub-network that contains and exposes anorganization's external services to a larger untrusted network, such asthe Internet. The DMZ network 55 adds an additional layer of security tothe communications link between the system web service 20 and the cardservices provider networks 35, so that an external attacker has accessonly to hardware in the DMZ and not in any other part of the networks.Within the DMZ network 55 is a card services provider web service 56.The web service 56 may be implemented using, for example, a Windowsvirtual server or Apache proxy server.

The DMZ network 55 and the system web service 20 may be interconnectedby a private network connection or across the public network 5, such asthe public Internet. In one embodiment, this connection may beimplemented by an encrypted (e.g., IPSEC) Virtual Private Network (VPN)tunnel using an IPSEC endpoint device or security appliance 59. Oneconventional example of a security appliance that may be used is a ModelASA 5050 Firewall from Cisco Systems, Inc. The instant issue servernetwork 36 may be coupled to the DMZ network 55 through a firewall 58,e.g., a virtual appliance. The HSM 45 is also functionally coupled tothe instant issue server network 36 using a firewall 46, e.g., a virtualappliance.

The card services provider networks 35 may include an instant issue cardprint network DMZ 60 containing a print server 61. The instant issuecard print network DMZ 60 may be connected to the DMZ network 55 througha firewall 38, e.g., a security appliance such as the Cisco ASA 5050Firewall. The instant issue card print network DMZ 60 and the system webservice 20 may be interconnected by a private network connection oracross the public network 5. In one embodiment, this connection may beimplemented by an encrypted (e.g., IPSEC) Virtual Private Network (VPN)tunnel using and an IPSEC endpoint device 62 such as the Cisco ASA 5050Firewall.

The system 10 may also include hardware and software located at eachbranch location 15, including one or more desktop PCs or workstations 16functionally coupled to the system web service 20 and a branch cardprinter network 17. In one embodiment, the branch card printer network17 includes a card printer 18. The branch card printer network 17 may beisolated and therefore coupled to the instant issue card print networkDMZ 60 using a VPN tunnel established between a firewall and IPSECendpoint device and endpoint device 62. The branch card printer network17 may also be connected to the public network 5 through firewall andIPSEC endpoint device 19. In the embodiment shown, a wireless internetconnection is used. In one embodiment, the card printer 18 may be aDatacard Model FP65i Financial Card Printer from the Datacard Group.

In the embodiment of FIGS. 1( a)-(k), the branch desktop PCs 16 cansecurely communicate with the card services provider networks 35. Thebranch PCs 16 will access and display one or more browser-based systemuser interfaces generated by the system web service 20 and card servicesprovider web service 56. This user interface on the branch PCs 16 isused by a bank operator at the branch during the process of using thesystem 10 to request and issue a new card. The desktop PCs 16 arefunctionally coupled to the client services provider networks 35 throughthe system web service 20 and DMZ network 55 to provide secure datacommunications between the branches 15 and the card services providernetworks.

The branch card printer 18 is functionally coupled to the clientservices provider print server 61 to securely receive card printcommands. The card printer 18 may be equipped with a supply of blankcard stock. The card printer 18 uses the data in a card file to imprinta blank card with personalized information associated with and selectedby a customer.

Referring now to FIG. 2, an embodiment of a method 100 for instant issueof a personalized credit card to a bank customer located at a bankbranch location can be described. In a first step 110, a bank employeeor other system operator working in the branch receives information fromthe customer that is needed to initiate the request for issuance of apersonalized credit or debit card to the customer. This information isentered into corresponding card data fields used by the system. In oneembodiment the card data fields are part of a CAF card file. The datafields in the card file may include data identifying the customer byname and address, the branch, the bank operator, and the particular typeof financial transaction card (e.g., credit or debit) being requested.

In a second step 120, the customer selects a PIN (PersonalIdentification Number) that will be associated with the card to beissued to the customer. In a preferred embodiment, the personalized PINis entered into the system by the customer directly, using a keypad-typedata terminal at the branch or a telephone and voice recognition system,so that the bank operator does not see or hear the PIN. A PIN selectionsystem that can be used for this purpose is described in U.S. Pat. No.5,132,521, the entire disclosure of which is incorporated herein byreference.

The selected PIN is communicated electronically 130 to a PIN database.In one embodiment, the PIN database is maintained remotely by a cardservices company that contracts with the bank to produce, encode, andissue personalized financial transaction cards to customers of thatbank.

In a fourth step 140, the software associated with the PIN databasegenerates a reference number associated with the customer and theselected PIN. The reference number is communicated to and may be storedin the card file associated with the customer as a file update. Thisupdated card file may be used by the system software used at the branchlocation.

In one embodiment of the method, after the card file is updatedfollowing generation of the reference number, a card request iscommunicated 150 to an edit function software application in thehardware host security module (HSM) 45. The HSM 45 may be controlled bya card services provider remote from the branch. The HSM edit functionapplication uses the reference number to retrieve 160 the PIN from thePIN database so that algorithmic calculations can be applied to the PINin the card file.

In a next step 170, the card file is securely sent to a remote cardprinter at the branch location. In one embodiment, this step isimplemented by a means of a virtual desktop server communicating with avirtual desktop client associated with the remote card printer and a PCor terminal located at the branch.

The customer's card is then printed 180 by the remote printer using thedata in the card file. After the card is printed, a verification messagemay be sent 190 to the bank and to the card transaction processor. Thisverification message confirms that the card is ready for use by thecustomer. Alternatively, if the card printing is not successful, anerror message is communicated 200 to the bank operator in the branch andto the transaction processor.

An embodiment of a method for instant issue of a personalized creditcard to a bank customer located at a bank branch location can be furtherunderstood by reference to FIGS. 1( a)-1(k). To initiate the process asshown in FIG. 1( a), a system operator makes a card issue request at thebranch desktop PC 16, which then communicates an instant card issuerequest to the system web service 20.

The system web service 20 connects to the card services provider webservice 55 over a persistent secure (e.g., IPSEC) tunnel andcommunicates the card instant issue request to the client servicesprovider networks 35, as shown in FIG. 1( b). The card services providerweb service 55 connects to the card services provider application server50 (FIG. 1( c)). In response, the application server 50 places data intothe card services provider database 40 (FIG. 1( d)). As shown in FIG. 1(e), the card services provider application server 50 then retrieves aPIN/offset calculation from the card services provider hardware securitymodule 47.

The card services provider application server 50 communicates a cardprint job to the card services provider print server 61, as seen in FIG.1( f). This card print job is sent to the instant issue card printer 18(FIG. 1( g)). This allows the financial transaction card to be printedat the bank branch 15 that made the card issue request.

The printer 18 communicates a card print job success or failure messageback to the card services provider print server 61 (FIG. 1( h)). Thecard services provider print server 61 then communicates a card printjob success or failure message back to the card services providerapplication server 50 (FIG. 1( i)). The card services providerapplication server 50 then posts card print success or failureinformation to the system web service 20 ((FIG. 1( j)). Finally, asshown in FIG. 1( k), the system web service 20 communicates card printsuccess or failure information to the bank branch desktop PC 16.

FIG. 3 a illustrates another embodiment of the system 10 in which thecard printer 18 at the branch location 15 is physically combined with asecurity appliance 21 inside a common housing. In this embodiment, thecombination of the card printer 18 and security appliance 21 may be PCI(Payment Card Industry) compliant. This compliance requires a novelmethod of managing an IPSEC tunnel through a Linux appliance 21.

There are several known techniques for negotiating an IPSEC tunnel. Acommon technique is to use a pre-shared key (PSK) shared between twopublic, static IP addresses. This type of tunnel allows either end toinitiate the tunnel when traffic designated for the other end of thetunnel is detected. This traffic is known in the art as “interestingtraffic”. When there is no “interesting traffic” (for a pre-configuredperiod of time) the security association between the end-points will beterminated and thus the IPSEC tunnel is said to be “down.” This is not aproblem for two public, static IP Addresses, as either side can initiatethe tunnel to the public address on the remote end. However, when oneside of the tunnel will not be static, or the IP address will not beknown, or if it is behind a router/firewall that does Network AddressTranslation (NAT), only one end (the non-static, non-public end) mayinitiate the IPSEC tunnel. For the static, public (non-initiating) endof the tunnel to send traffic to the private, dynamic end, the tunnelmust be aggressively kept “up” at all times. To achieve this, the systemembodiment shown in FIG. 3 includes a device with an operating systembuilt into the printer case. This built-in Linux appliance 21 on theprivate, dynamic end (at the bank branch) is able to initiate the IPSECtunnel while monitoring the other side for connectivity. If monitoringdetects problems, the device 21 is able to re-establish the IPSECtunnel. Thus, the appliance 21 may be a hardened Linux appliancefunctioning as a router, firewall, and dynamic-to-static IPSEC endpointthat complies with Center for Internet Security (CIS) standards. In thisembodiment, the card printer 18 may be a Dualys card printer fromEvolis.

In the embodiment of FIG. 3 a, the card services provider will operatehardware and software networks 35 a and 35 b that can receive andprocess requests for new cards sent by a bank branch 15. The networks 35a are PCI-compliant networks and include an instant issue web serviceDMZ network 55, an instant issue server network 36 a, an instant issuepersonalization network 45, and an instant issue print DMZ network 60,as described above with reference to FIG. 1( a).

The PCI compliant instant issue server network 36 a may include anactive directory or domain controller 37, an application server 50 a,one or more workstations 39, and an IPSEC administrative server 43.

Card services provider network 36 b includes an application server 50 b,a PIN database 40 connected to a database server 41 to securely storePINs selected by bank customers when a new card is issued, and a fileserver 42.

FIGS. 3 a-3 x illustrate sequential operation of this embodiment ofsystem 10. In FIG. 3 b, a site-to-site VPN link is established betweenthe system web service 20 and the card services provider networks 35 aand 35 b. A dynamic site-to-site VPN tunnel is then created betweenprinter appliance 21 and the print DMZ network 60, as shown in FIG. 3 c.The print server 61 establishes a persistent connection to theapplication server 50 a, as shown in FIG. 3 d. In FIG. 3 e, a bankbranch 15 issues a card instant issue request to the system web service20. The system web service then sends an HTTP POST request to the webservice DMZ network 55 (proxy server 56), as shown in FIG. 3 f. The HTTPPOST is proxied to the application server 50 a and the HTTP status isreturned to the web service 20, as shown in FIG. 3 g.

The application server 50 a requests a card CVV Key Cryptogram as knownin the art from application server 50 b (FIG. 3 h). The applicationserver 50 b proxies this request to the card services provider database40 and returns the results to the application server 50 a (FIG. 3 i).The application server 50 a contacts the HSM 47 via HTTP (9090), submitsthe CVV Key Cryptogram(s) and card personalization data, and retrievesCV1 and CV2 values, again as known in the art (FIG. 3 j).

The application server 50 a contacts the application server 50 b andrequests card image calculation information (FIG. 3 k). The applicationserver 50 b retrieves the image calculation information from thedatabase 40 and returns the results (FIG. 3 l). The application server50 a connects to application server 50 b and requests the card imagedata (FIG. 3 m). The application server 50 b retrieves the card imagedata from the file server 42 and transmits it back over the HTTP request(FIG. 3 n).

As shown in FIG. 3 o, the application server 50 a then connects to theapplication server 50 b to retrieve card magnetic stripe calculationdata. The application server 50 b retrieves the magnetic stripecalculation data from the database 40 and returns the results to theapplication server 50 a over the HTTP response (FIG. 3 p).

Now having the card CV1 and CV2 values, the card personalization data,the card image information, the card image data, and the magnetic stripedata, the application server 50 a communicates the card print job on amessage bus (FIG. 3 q). The connection broker then assigns the job to aworker thread on the print server 61 (FIG. 3 r). The print server 61sends the print job to the printer 18 through the dynamic site-to-siteVPN tunnel (FIG. 3 s). The printer 18 then attempts to print the cardand sends a card print response message (success/failure/userintervention required) back to the print server 61 (FIG. 3 t). Theworker thread places the print result on the message bus (FIG. 3 u). Theapplication server 50 a sends the print result to the web service DMZnetwork 55 (proxy server 56) via HTTP POST (FIG. 3 v). The proxy server56 relays the print result to the system web service 20 (FIG. 3 w) whichrelays the result to the requesting branch 15 (FIG. 3 x), completing theprocess. The system 10 is now ready for another card print request.

In the process described above, while many of the data retrieval stepsare performed sequentially, this is not required. For example, some orall of the data needed from the servers as illustrated and describedwith reference to FIGS. 3 h-3 q can be retrieved concurrently in asingle step.

Thus, although there have been described particular embodiments of thepresent invention of a new and useful system and method for instantissue of personalized financial transaction cards, it is not intendedthat such references be construed as limitations upon the scope of thisinvention except as set forth in the following claims.

1. A method for issuing a personalized financial transaction card from afinancial institution to a customer in response to a customer requestmade from a branch location associated with the financial institutioncomprising: receiving customer information and card information from thecustomer at the branch location, the card information including a cardpersonal identification number (PIN); inputting the customer informationand at least some the card information into a data processing terminalat the branch; electronically communicating the customer information andthe card information from the branch across a network to a card servicesprovider; entering the PIN into a PIN database; generating a referencenumber associated with the customer and the selected PIN; storing thereference number and at least some of the customer data and card data ina card file associated with the customer; retrieving the PIN from thePIN database; using the retrieved PIN to apply calculations to the cardfile; securely sending the card file from the card services provideracross the network to the branch location; using information from thecard file, printing the financial transaction card for the customer atthe branch location; and wherein each step of the method is performedwhile the customer is present at the branch location.
 2. The method ofclaim 1 further comprising sending a verification message to thefinancial institution when the financial transaction card has beensuccessfully printed.
 3. The method of claim 1 further comprisingsending an error message to the branch location and when the financialtransaction card did not successfully print.
 4. The method of claim 1wherein the card file is stored at the branch location and the step ofstoring the reference number and at least some of the customer datafurther comprises updating the card file with the reference number atthe branch location.
 5. The method of claim 4 further comprising: afterthe card file at the branch location is updated with the referencenumber, sending a card issue request from the branch location andreceiving it in a hardware security module (HSM) at the card servicesprovider; and in response to receiving the card issue request, using theHSM to retrieve the PIN from the PIN database and to apply the referencenumber to the calculations in the card file.